Tom Eastep wrote:
> mess-mate wrote:
>> Tom Eastep wrote:
>>
>>> mess-mate wrote:
>>>> Hi,
>>>>
>>>> can anybody help me translate this iptables rule to a shorewall rule:
>>>>
>>>> iptables -t nat -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
>>>>
>>>> Host ip = xx.xx.xx.xx, guest ip subnet is yy.yy.yy.yy/255.255.255.0
>>>> *
>>> What problem are you trying to solve? I would be surprised if you
>>> don't already have an entry in /etc/shorewall/masq that does what you
>>> want.
>>>
>>> -Tom
>>>
>> Thanks for the reply. I'm very new to shorewall and, say, to iptables
>> too :(
>> What I try to solve is this:
>
> <Mostly useless information deleted>
>
> Mess-mate,
>
> Please follow the advice that Martin Leben has already given you and
> go to http://www.shorewall.net/support.htm#Guidelines and follow the
> instructions for submitting a useful problem report.
>
> Without knowing what your configuration really looks like, we would
> just be guessing about what is wrong and how to correct it.
>
> But here are a couple of tips:
>
> a) Be sure that IP_FORWARDING=Yes in shorewall.conf
> b) Be sure that there is an entry for your DMZ in /etc/shorewall/masq.
> c) Be sure that you have the required DNAT rule(s) in place to allow
> your webserver to be accessed from the net (note: you will _not_ be
> able to ping your webserver from the net).
>
> -Tom
>
Hi,
attached the status.txt.
a) it is
b) the machine is located in the dmz zone and is running very well
without any entry in /etc/shorewall/masq, for now
c) no nat rules. The DNAT rule is given in the router machine and
redirects to my website, actually on the host.
DNAT $FW dmz:192.168.20.1 tcp 80 - $ETH0_IP
And I want my website in the vserver guest, so dmz:192.168.20.1 shall
become dmz:192.168.30.1 in the future when my problem is solved.
I consulted the guidelines, support and many others before asking for
help, but nothing about this situation.
There is no firewall on the guest.
Hope I clarified a little bit more :(
internet
   |
 modem
   |
 ppp0
   |                            machine 2 (dmz zone)
machine 1
                   ---------------------------------------------------|
-------------                                                         | eth2
                   -------------------------------------------|       |
| router    | ---> | server (host)   --> | vserver (guest)    |       |
| eth0      |      | 192.168.20.1        | 192.168.30.1       |       |
-------------      | firewall            | no firewall        |       |
                   |                                          |       |
                   -------------------------------------------|       |
                                                                      |
                   ---------------------------------------------------|
   |
loc (eth1)
lan machines
best regards
Shorewall-3.2.6 Dump at serv - mercredi 16 avril 2008, 09:30:01 (UTC+0200)
Counters reset mardi 15 avril 2008, 20:12:01 (UTC+0200)
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35747 7025K ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
20736 3793K eth1_in 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth1_fwd 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35747 7025K ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
17316 3134K fw2dmz 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (0 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (5 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
11 924 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
11 924 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2all (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
11 924 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
11 924 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:dmz2all:REJECT:'
11 924 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dmz2fw (1 references)
pkts bytes target prot opt in out source destination
20646 3787K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 192.168.10.6 0.0.0.0/0
tcp dpt:81
0 0 ACCEPT tcp -- * * 192.168.10.6 0.0.0.0/0
tcp dpt:55555
0 0 ACCEPT tcp -- * * 192.168.10.6 0.0.0.0/0
tcp dpt:7070
0 0 ACCEPT tcp -- * * 192.168.10.6 0.0.0.0/0
tcp dpt:10000
8 480 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.20.254 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21
70 3912 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:143
0 0 ACCEPT icmp -- * * 192.168.10.2 0.0.0.0/0
icmp type 8
0 0 ACCEPT icmp -- * * 192.168.10.4 0.0.0.0/0
icmp type 8
0 0 ACCEPT icmp -- * * 192.168.10.6 0.0.0.0/0
icmp type 8
11 924 dmz2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
90 5376 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
20736 3793K dmz2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain fw2dmz (1 references)
pkts bytes target prot opt in out source destination
16764 3100K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21
552 34386 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (12 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
11 924 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 192.168.20.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.20.255 0.0.0.0/0
0 0 LOG 0 -- * * 192.168.30.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.30.255 0.0.0.0/0
0 0 LOG 0 -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Log (/var/log/messages)
Apr 16 09:12:15 dmz2all:REJECT:IN=eth1 OUT= SRC=192.168.20.254 DST=192.168.30.1
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897
SEQ=1
Apr 16 09:12:16 dmz2all:REJECT:IN=eth1 OUT= SRC=192.168.20.254 DST=192.168.30.1
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897
SEQ=2
Apr 16 09:12:17 dmz2all:REJECT:IN=eth1 OUT= SRC=192.168.20.254 DST=192.168.30.1
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897
SEQ=3
NAT Table
Chain PREROUTING (policy ACCEPT 54 packets, 3504 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1477 packets, 90551 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1477 packets, 90551 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 56483 packets, 11M bytes)
pkts bytes target prot opt in out source destination
56483 11M tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 56483 packets, 11M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 360K packets, 139M bytes)
pkts bytes target prot opt in out source destination
53063 10M tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 53063 packets, 10M bytes)
pkts bytes target prot opt in out source destination
53063 10M tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 431912 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57657
dport=22 packets=233 bytes=15259 src=192.168.20.1 dst=192.168.10.6 sport=22
dport=57657 packets=233 bytes=61667 [ASSURED] mark=0 secmark=0 use=1
tcp 6 31 TIME_WAIT src=192.168.10.6 dst=192.168.20.1 sport=57656 dport=22
packets=16 bytes=2119 src=192.168.20.1 dst=192.168.10.6 sport=22 dport=57656
packets=14 bytes=2519 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60273
dport=143 packets=25 bytes=1905 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60273 packets=16 bytes=2062 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431427 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60269
dport=143 packets=48 bytes=2896 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60269 packets=35 bytes=7330 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57690
dport=143 packets=31 bytes=1970 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=57690 packets=27 bytes=3178 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431999 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=55790
dport=22 packets=569 bytes=44026 src=192.168.20.1 dst=192.168.10.6 sport=22
dport=55790 packets=375 bytes=116295 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57692
dport=143 packets=32 bytes=2610 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=57692 packets=26 bytes=3164 [ASSURED] mark=0 secmark=0 use=1
tcp 6 30 TIME_WAIT src=192.168.10.6 dst=192.168.20.1 sport=57653 dport=22
packets=14 bytes=2015 src=192.168.20.1 dst=192.168.10.6 sport=22 dport=57653
packets=14 bytes=2519 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60265
dport=143 packets=33 bytes=2429 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60265 packets=25 bytes=2994 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60264
dport=143 packets=41 bytes=2521 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60264 packets=31 bytes=3314 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57691
dport=143 packets=28 bytes=2255 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=57691 packets=24 bytes=3135 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57693
dport=143 packets=24 bytes=2014 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=57693 packets=17 bytes=2384 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431428 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60312
dport=143 packets=49 bytes=3133 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60312 packets=38 bytes=20861 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431427 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60270
dport=143 packets=578 bytes=42946 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60270 packets=523 bytes=155674 [ASSURED] mark=0 secmark=0 use=1
tcp 6 31 TIME_WAIT src=192.168.10.6 dst=192.168.20.1 sport=57655 dport=22
packets=27 bytes=4563 src=192.168.20.1 dst=192.168.10.6 sport=22 dport=57655
packets=26 bytes=4007 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431427 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60263
dport=143 packets=561 bytes=40543 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60263 packets=552 bytes=202344 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431427 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60277
dport=143 packets=161 bytes=12071 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60277 packets=125 bytes=45836 [ASSURED] mark=0 secmark=0 use=1
tcp 6 429635 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=60266
dport=143 packets=25 bytes=1556 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=60266 packets=21 bytes=2412 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57689
dport=143 packets=37 bytes=3111 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=57689 packets=33 bytes=4473 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431457 ESTABLISHED src=192.168.10.6 dst=192.168.20.1 sport=57688
dport=143 packets=29 bytes=1861 src=192.168.20.1 dst=192.168.10.6 sport=143
dport=57688 packets=27 bytes=3394 [ASSURED] mark=0 secmark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:29:3c:34:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.20.1/24 brd 192.168.20.255 scope global eth1
inet 192.168.30.1/24 brd 192.168.30.255 scope global eth1
inet6 fe80::2e0:29ff:fe3c:34bd/64 scope link
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
47930469 169935 0 0 0 0
TX: bytes packets errors dropped carrier collsns
47930469 169935 0 0 0 0
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:29:3c:34:bd brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
194183926 207004 0 0 0 0
TX: bytes packets errors dropped carrier collsns
93859924 191056 0 0 0 0
/proc
/proc/version = Linux version 2.6.22.19-grsec2.1.11-vs2.2.0.7 ([EMAIL
PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP
Sun Apr 13 12:24:43 CEST 2008
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.20.255 dev eth1 proto kernel scope link src 192.168.20.1
broadcast 192.168.30.255 dev eth1 proto kernel scope link src 192.168.30.1
local 192.168.20.1 dev eth1 proto kernel scope host src 192.168.20.1
broadcast 192.168.30.0 dev eth1 proto kernel scope link src 192.168.30.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 192.168.30.1 dev eth1 proto kernel scope host src 192.168.30.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1
192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1
default via 192.168.20.254 dev eth1
ARP
? (192.168.20.254) at 00:A0:CC:3F:48:3E [ether] on eth1
Modules
iptable_raw 2516 0
ipt_ULOG 8820 0
ipt_TTL 2437 0
ipt_ttl 2010 0
ipt_TOS 2361 0
ipt_tos 1776 0
ipt_SAME 2511 0
ipt_REJECT 4632 4
ipt_REDIRECT 2206 0
ipt_recent 9056 0
ipt_owner 2111 0
ipt_NETMAP 2181 0
ipt_MASQUERADE 3762 0
ipt_LOG 6236 11
ipt_iprange 1911 0
ipt_ECN 3038 0
ipt_ecn 2323 0
ipt_CLUSTERIP 8686 0
ipt_ah 2023 0
ipt_addrtype 1963 0
iptable_nat 7378 0
iptable_mangle 2927 1
iptable_filter 3112 1
ip_tables 12429 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Traffic Control
Device eth1:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 93840250 bytes 191056 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TC Filters
Device eth1:
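
Added example (not part of the original post, and not Shorewall code): a small Python parser for the three entries in the dump's Log section, which classifies each packet by netfilter hook from its IN=/OUT= fields. The function names are hypothetical; the sample lines are the dump's own entries with the wrapped lines re-joined.

```python
import re
from collections import Counter

# The three entries from the "Log (/var/log/messages)" section of the dump
# above, with their wrapped continuation lines re-joined.
SAMPLE_LOG = """\
Apr 16 09:12:15 dmz2all:REJECT:IN=eth1 OUT= SRC=192.168.20.254 DST=192.168.30.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897 SEQ=1
Apr 16 09:12:16 dmz2all:REJECT:IN=eth1 OUT= SRC=192.168.20.254 DST=192.168.30.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897 SEQ=2
Apr 16 09:12:17 dmz2all:REJECT:IN=eth1 OUT= SRC=192.168.20.254 DST=192.168.30.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897 SEQ=3
"""

# Matches "<chain>:<disposition>:IN=..." with or without the "Shorewall:"
# prefix that the LOG rules in the dump put in front of it.
ENTRY = re.compile(
    r"(?:Shorewall:)?(?P<chain>[\w.-]+):(?P<disp>[A-Z]+):(?P<rest>IN=.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return one log entry as a dict, or None if it is not a Shorewall entry."""
    m = ENTRY.search(line.strip())
    if m is None:
        return None
    entry = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for key, value in FIELD.findall(m.group("rest")):
        # ID= occurs twice in ICMP entries (IP id, then ICMP id): keep the first.
        entry.setdefault(key, value)
    return entry


def hook(entry):
    """Netfilter hook implied by which of IN=/OUT= carries an interface name."""
    has_in, has_out = bool(entry.get("IN")), bool(entry.get("OUT"))
    if has_in and has_out:
        return "FORWARD"   # routed through the box
    if has_in:
        return "INPUT"     # addressed to an IP that is local to the box
    if has_out:
        return "OUTPUT"    # generated by the box
    return "UNKNOWN"


def summarise(text):
    """Count entries per (chain, disposition, hook, src, dst, proto, icmp type)."""
    counts = Counter()
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            counts[(e["chain"], e["disposition"], hook(e), e.get("SRC"),
                    e.get("DST"), e.get("PROTO"), e.get("TYPE"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarise(SAMPLE_LOG).items():
        print(n, *key)
```

All three entries classify as INPUT on eth1: 192.168.30.1 is a local address of the host (routing table 255 in the dump), so pings to it are judged by dmz2fw, which in this ruleset accepts ICMP type 8 only from 192.168.10.2, 192.168.10.4 and 192.168.10.6 before falling through to dmz2all.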